Protect Organisation Data in Unmanaged Devices with Microsoft Defender for Cloud Apps


Microsoft Defender for Cloud Apps, formerly Microsoft Cloud App Security, is Microsoft's Cloud Access Security Broker (CASB) solution. A CASB is the intermediary in charge of monitoring and security between your end users and the different cloud services they must access. This allows you to apply policies that protect and monitor access across different cloud services, such as policies to protect against data exfiltration.

Microsoft Defender for Cloud Apps (MDCA) can be used to protect organization data accessed from unmanaged devices (BYOD). With MDCA, you can onboard your Microsoft 365, G Suite, Dropbox, Salesforce, and other Software as a Service solutions. This means that users can access their email in the browser, but as the administrator you can prevent them from downloading email attachments or copying email content on their personal devices, without the need to enroll the devices in Mobile Device Management (MDM) / Mobile Application Management (MAM).

When a user attempts to copy or download an email attachment on their personal device (both PCs and phones), they will get a prompt indicating that the download action is not allowed by the organization (you can modify the notification that they receive here).

[Image: Policy violation]


The download attempt can also be raised as an alert to the admins for further investigation. The admin will get an email about the policy violation with details of the policy and a link to investigate further.

[Image: Admin email alert]

The user will also get an email notifying them of the policy violation and, optionally, a statement on what they can do next.

[Image: End user email notification]

To implement this level of control on unmanaged devices, you first create a conditional access policy from the Entra admin center and include the cloud apps you want to monitor and protect in the policy, with a Session control enabled for “Use Conditional Access Policy.” Read more, including the admin experience, here: PROTECT SENSITIVE DATA IN UNMANAGED DEVICES(BYOD) WITH MICROSOFT DEFENDER FOR CLOUD APPS – Kevoh.Ninja
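The Conditional Access step described above, written with the Microsoft Graph PowerShell SDK as an added example (not taken from the original article). The display name, the Office 365 target, the browser-only scope and the excluded account ID are assumptions; the policy is created in report-only mode so its effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example: needs the Microsoft.Graph module and a role that can manage
# Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    displayName = 'Route Office 365 browser sessions to Defender for Cloud Apps'  # assumed name
    # Report-only: nothing is enforced yet, but sign-in logs show which
    # sessions the policy would have applied to.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('browser')   # assumption: cover browser access only
        applications   = @{ includeApplications = @('Office365') }
        users          = @{
            includeUsers = @('All')
            # Placeholder: keep an emergency-access account out of scope.
            excludeUsers = @('<break-glass-account-object-id>')
        }
    }
    sessionControls = @{
        cloudAppSecurity = @{
            isEnabled            = $true
            # 'mcasConfigured' hands the session to the policy defined in MDCA;
            # 'monitorOnly' and 'blockDownloads' are the built-in alternatives.
            cloudAppSecurityType = 'mcasConfigured'
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Audit: list every policy in the tenant that routes sessions through MDCA,
# with its state, to spot apps left in report-only or disabled.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.SessionControls.CloudAppSecurity.IsEnabled } |
    Select-Object DisplayName, State,
        @{ n = 'MdcaMode'; e = { $_.SessionControls.CloudAppSecurity.CloudAppSecurityType } }
```

Switch `state` to `enabled` once the report-only results look correct; the download and copy restrictions themselves are defined in the MDCA session policy that this Conditional Access policy hands the session to.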
